ST. JOHN'S, N.L. — More than 58,000 people in Newfoundland and Labrador had their private data exposed by the hackers behind a cyberattack on the province's health-care system last year.
Eastern Health, the province's largest health authority, said today that a review of a network drive accessed by the hackers is now complete, and it found that data belonging to about 58,200 patients was breached.
A statement from the health authority says another 280 staff or former staff members were also affected by the cyberattack, which was discovered on Oct. 30, 2021.
Eastern Health says the hackers accessed social insurance numbers belonging to fewer than 20 patients and banking information belonging to fewer than five patients.
Meanwhile, the office of the provincial information and privacy commissioner says its investigation into the attack won't be completed until March of 2023.
The commissioner previously said he expected to complete a report by October, but spokesman Sean Murray said in an email Wednesday that the office is now seeking help from a technical consultant.
The cyberattack knocked out information technology systems in the province's largest health authority, forcing officials to cancel thousands of appointments, including cancer care.
The Newfoundland and Labrador government has been tight-lipped about the cyberattack, refusing to say what type of attack occurred and what its motive was, or whether ransom was demanded. However, several cybersecurity experts have said the incident has all the markings of a ransomware attack, in which hackers encrypt or steal data to hold it hostage until a ransom is paid.
Government officials have defended their silence by noting that several investigations into the attack are underway, including the information and privacy commissioner's probe.
Murray says the technical consultant will ensure any findings related to technological aspects of the attack will be correct.
This report by The Canadian Press was first published Dec. 8, 2022.
The Canadian Press